<?php
/**
 * @author @author Samrat Khan & Sadik Sarfaraz - Apr 22, 2013
 */
    require('top.inc.php');

    if(empty($_SESSION['user'])) {        
        header("Location: login.php");
        die("Redirecting to login.php"); 
    }
    if(!empty($_POST)) {
        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            die("Invalid E-Mail Address");
        }
        if($_POST['email'] != $_SESSION['user']['email']) { 
            $query = "SELECT 1 FROM wms_users WHERE email = :email";
            $query_params = array (
                ':email' => $_POST['email']
            );
            try {
                $stmt = $db->prepare($query); 
                $result = $stmt->execute($query_params); 
            } catch(PDOException $ex) {
                die("Failed to run query: " . $ex->getMessage()); 
            }
            $row = $stmt->fetch(); 
            if($row) { 
                die("This E-Mail address is already in use"); 
            }
        }
        if(!empty($_POST['password'])) { 
            $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 
            $password = hash('sha256', $_POST['password'] . $salt); 
            for($round = 0; $round < 65536; $round++) { 
                $password = hash('sha256', $password . $salt); 
            }
        } else {
            $password = null; 
            $salt = null; 
        }
        $query_params = array( 
            ':email' => $_POST['email'], 
            ':user_id' => $_SESSION['user']['id'], 
        );
        if($password !== null) { 
            $query_params[':password'] = $password; 
            $query_params[':salt'] = $salt; 
        }
        $query = "UPDATE wms_users SET email = :email"; 
        if($password !== null) { 
            $query .= ", password = :password, salt = :salt"; 
        }
        $query .= " WHERE id = :user_id";
        
        /*
         * @ execution error handling with below var_dump
         * var_dump($query);
         */
        
        try {
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } catch(PDOException $ex) {
            die("Failed to run query: " . $ex->getMessage()); 
        }
        
        $_SESSION['user']['email'] = $_POST['email'];
        header("Location: logout.php");
        die("Redirecting to logout.php");
    }
?>
<form action="" method="post" class="form-horizontal">
    <div class="control-group">
        <label class="control-label" for="uniquename">Username</label>
        <div class="controls">
            <input type="text" name="" class="span3" id="" value="<?php echo $_SESSION['user']['username']; ?>"  readonly />
        </div>
    </div>
    <div class="control-group">
        <label class="control-label" for="uniquename">Customer</label>
        <div class="controls">
            <input type="text" name="" class="span3" id="" value="<?php echo getCustomer($_SESSION['user']['cus_id'], $db); ?>"  readonly />
        </div>
    </div>    
    <div class="control-group">
        <label class="control-label" for="uniquename">E-Mail Address</label>
        <div class="controls">
            <input type="text" name="email" class="span3" value="<?php echo htmlentities($_SESSION['user']['email'], ENT_QUOTES, 'UTF-8'); ?>" />
        </div>
    </div>
    <div class="control-group">
        <label class="control-label" for="uniquename">Password</label>
        <div class="controls">
            <input type="password" name="password" class="span3" value="" />
            <br/>
            [<i>leave blank if you do not want to change your password</i>]
        </div>
    </div>
    <div class="control-group">
        <label class="control-label" for="uniquename">&nbsp;</label>
        <div class="controls">
            <input type="submit" value="Update Account" />
        </div>
    </div>
</form>